Set-acl and remove-ntfs both fail from PowerShell yet i can do it from the GUI
I have put together a script that searches all of our folders then searches the folders for groups that should have access and do not and groups that should not have access and do.
Finding only the folders that need NTFS permissions changed works great. Adding the groups that need added works great but removing groups is not working. Below is a section of my script with the section not working underlined. You can
see i have tried 2 approaches.
If i use the Remove-NTFSAccess command (which i really prefer) I get no errors and you would think all worked until you check.
If i use set-acl about half give me a error "Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" but it does not remove the Domain admins for any of the
folders including the ones that give no error.
I have privileges to do it. I can go to a folder and remove the group from the NTFS permissions in the GUI with no issue.
Thanks!
"Add Nseries Admins"
$workingdir = (Get-Content "$env:TEMP\Add nseries admins.txt")
$mynum=[int]$workingdir.Count
foreach ($path in $workingdir) {
$mynum
$mynum = $mynum - 1
$path
Add-NTFSAccess -Path "$path" -Account "SCHOOLS\Nseries Admins" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles
"Romeve Domain admins"
$workingdir = (Get-Content "$env:TEMP\Remove domain admins.txt")
$mynum=[int]$workingdir.Count
foreach ($path in $workingdir) {
$mynum
$mynum = $mynum - 1
$path
# Add-NTFSAccess -Path "$path" -Account "SCHOOLS\Nseries Admins" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles
# Remove-NTFSAccess -Path "$path" -Account "SCHOOLS\Domain Admins" -AccessRights Read -AccessType Allow -AppliesTo ThisFolderOnly
$acl=get-acl "$path"
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("SCHOOLS\Domain Admins","Read",,,"Allow")
$acl.RemoveAccessRuleAll($accessrule)
Set-Acl -Path "$path" -AclObject $acl
I just ran that a couple of times. No errors as long as the subfolders are not protected in a way the blocks the admin. I will try and find a folder that causes this exact scenario.
Is it possible that this was fixed in V4?
¯\_(ツ)_/¯
The SACL being overwritten isn't fixed. There's a Connect bug
here. Set-Acl basically does this before trying to call SetAccessControl():
$path = "$env:Temp\temp_item_name"
$acl = Get-Acl $path
# Get the binary form:
$binaryForm = $acl.GetSecurityDescriptorBinaryForm()
# Create a new SD object:
$newacl = New-Object $acl.GetType()
# Take the old binary form and use it for the new SD object,
# but tell it it's for all sections, including the SACL:
$newacl.SetSecurityDescriptorBinaryForm($binaryForm, "All")
Next, it tries to call SetAccessControl() inside of a try{} block. If it detects a PrivilegeNotHeld exception, it will try to redo the section above without setting the Owner, Group, and SACL (if certain conditions are met). I can't get the second call to
error the way Lishron did, but that doesn't mean there's no scenario where that can't happen.
By the way, here's an example of trying to call SetAccessControl() with the modified SD object from above:
$FileSystemItem = Get-Item $path
$FileSystemItem.SetAccessControl($newacl) # <-- Fails if you're not an admin; overwrites SACL if you are
$FileSystemItem.SetAccessControl($acl) # <-- Succeeds (unless you're trying to change the owner)
Similar Messages
-
I want to remove the header and footer when printing from my mac, I can do this in the Page Setup on my PC but not on the Mac. I can do it each time I print but then it resets. How do I make a universal change?
== This happened ==
Every time Firefox openedGo to the "File" menu, then "Print." The window that appears will have three drop-down menus at the top.
The first is labeled "Printer",
The second is "Presets".
The third is unlabeled but has "Copies & Pages" selected by default.
Click on that third menu and select "Firefox" near the bottom of the list. -
I have set up home sharing on both home computers, but as soon as I did this, the "shared" title on the left hand panel disappeared and I can't find it again. Any ideas?
I have the same problem - can anyone help??
-
I am from russia and i cant understand why my iphone 4g(black) can not sync..The computer gives an error saying that the synchronization can not be executed because you can not save a copy ... What should I do?
Hey joshuafromisr,
If you resintall iTunes, it should fix the issue. The following document will go over how to remove iTunes fully and then reinstall. Depending on what version of Windows you're running you'll either follow the directions here:
Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP
http://support.apple.com/kb/HT1925
or here:
Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7
http://support.apple.com/kb/HT1923
Best,
David -
I want to remove all music from my iPhone, but can't. On the music sync page I uncheck sync music, but songs remain on my phone. why?
Deleting song from iPhone and iTunes - https://discussions.apple.com/thread/3765496
-
My printer is HP Officejet Pro 8000 A809 Series and I don't see it listed. How can I print from iPad?
You can use 3rd party software such as Print n Share if you have a PC or Printopia if you have a Mac.
Or you can check HPs site and see what they have available. -
Thoroughly angry and frustrated. I've run out of room and need to make more to add more songs. Once and for all, how do I, if I even CAN, delete music from my iPod Nano WITHOUT losing them from iTunes?
You should take the time to familiarize yourself with the documentation that is available. You can "uncheck" a song in iTunes, and then do a manual update.
-
Setting - General - and no update i con show up. How can I update?
Update via itunes as always.
iOS: How to update your iPhone, iPad, or iPod touch
Read the entire article not just the first half -
My wife and I cannot connect in Game Center to play a game using IPhone 5 and iPhone 4 (both running ios 7) when we try, we just get the message "waiting"
Hello, TheHelper1964.
Thank you for the question. There could be multiple causes to the errors that you are receiving. I have included a couple articles that will help you troubleshoot this issue.
iTunes for Windows: "Unable to load data class" or "Unable to load provider data" sync services alert
http://support.apple.com/kb/TS2690
iOS: Troubleshooting backup issues in iTunes
http://support.apple.com/kb/TS2529
If you are uncomfortable processing some of these steps, you can also reach out to us at http://expresslane.apple.com.
Hope this helps,
Jason H. -
I have 2 different MacBooks (owned by 2 people) connected to the same Time Capsule over a wifi network. I want to use the Time Capsule to back up both MacBooks separately from each other. Can one person access the hard drive of the other person, on the same Time Capsule? Is there a way to ensure that the files on the 2 laptops are kept private from each other? Thanks!
If someone really wants to do something, it won't take them long to find out how to do it.
http://pondini.org/TM/17.html
Security on a Time Capsule is a bit like installing a lock on a tent. It will keep the honest folks out, but probably not the others. -
I forgot my security question and i guess i failed all mt atempts, what can i do ? please urgently..
Hello,
i forgot my security question and i guess i failed all mt atempts, what can i do ? please urgently..You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(112725) -
Two problems:
1. I am unable to post comments from FF, but I can do it from IE,
though it takes ages with IE. Checked for Virus etc. with McAfee,
ZoneAlarm and Spybot. FF versions 4 later changed to 12. Both
do not allow - just keeps waiting (tried up to about 1 hour). It
started about a month ago.
2. I am unable to attach .pdf files from FF in Yahoo Mail. It works
from IE - though it takes ages (script?).
I am using 'NO Script' from FF - but for most cases I have to
go to 'partially allowed' mode.
Thanks
SB(1) As instructed I went to 'run' and typed in the code. It took me to 'xuowtwd1.default' folder under 'Profiles'. There were several files stored there and
I did not know what to do. Next...
(2). As suggested I went to 'troubleshooting Information' under 'Help' drop down list.
(3). Followed instructions, but could not find the 'Reset Profile' button.
(4). It said the instructions were not for my version (V12) of FF.
(5). Downloaded V. 14.0.1
(6). Will not install. As mentioned earlier I am using Windows 2000 (p.s.initial
complaint) -
The only way I can open a new tab in Firefox is by right-clicking a bookmarked site and selecting "Open in a New Tab." I can't click on the New Tab + or CTR+T or open via File. WHY don't the other means work?
The Ask Toolbar is causing that in the Firefox 3.6.13+ versions. Uninstall that extension.
There are a couple of places to check for the Ask toolbar:
* Check the Windows Control panel for the Ask Toolbar - http://about.ask.com/apn/toolbar/docs/default/faq/en/ff/index.html#na4
* Also check your list of extensions, you may be able to uninstall it from there - https://support.mozilla.com/kb/Uninstalling+add-ons -
Hi. I purchased a new ipad mini and my brother already has iphone 4,so how can i avoid sharing the same contents that are on his phone? Will creating an other apple id help us in seperating our facetime and icloud accounts as we share our laptop to sync ?
Have a read here...
https://discussions.apple.com/message/18409815?ac_cid=ha
And See Here...
How to Use Multiple iDevices with One Computer -
i recently have ipad but before i sell it i made a back up of it and by an iphone when i put all the date on my iphone some files and software did not install is there anything i can do to recover the lost data? please help
I don't think you're on iOS 5, I think you're using iOS 6. That's the latest version.
Unless you've used iCloud to back up your documents, you won't be able to restore them. And for future reference, you don't have to uninstall Pages to update your iPad anymore. Sorry about this.
Maybe you are looking for
-
Is there a way to make the submenus of a horizontal navigation bar fade in? I would like something similar to this: http://www.gatewaychurch.com/
-
Auto Scaling thumbs in Mini Bridge really necessary?
I would expect that opening up Mini Bridge would simply show more thumbs rather than automatically scaling 1 or 2 as big as possible. How is this useful? And how is it not annoying? I wish Mini bridge had a Scale Slider like its big brother has. Don'
-
Dear All, I bought a New E52 Mobile, till last week it was working fine. But then my mobile started to switch off often. Can anyone help me on this. Regards, Shagul
-
Can I save PDF's in a form where text can be edited by people that only have Adobe reader ?
If I have Adobe acrobat can I save PDF's in a form where text can be edited by people that only have the free version of Adobe reader ? If so do I need a prof verion of Acrobat to do this ?
-
Hey all. Creating my first form in LiveCycle. Haven't a clue as to what I'm doing... maybe someone can help. I don't know javascript, so I usually just use trial and error until I figure it out... but I just can't get this to work. I have 20 images o